Quiz: Are you leaving your cybersecurity strategy up to luck?

Quiz: Are you leaving your cybersecurity strategy up to luck?

June 8, 20185 minute read

Did you know 1 in 131 emails contains malware? That’s 0.76 percent of all emails. It may not seem like a huge percentage to you—in fact, with odds like that, you can probably trust to luck you won’t get a malicious email in your inbox. You’ve always had pretty good luck anyway, so why waste the time factoring in email to your already complicated cybersecurity strategy, right?

That all sounds logical—until you think about how many emails you receive in a month. More than 131? Thought so. Forget luck: This is a battle of wits, knowledge, and preparation. If you think you have what it takes to stay secure, try testing your luck on these real IT breach situations:

Scenario 2: The compromised printer

It’s cybersecurity strategy huddle time, and you’re running late. You’re going to be held up even further because you need to print out a sensitive doc your coworker just emailed you. You know it’s not the best policy to print it to that old, dusty printer in the corner, but it’s the closest one to your desk, you’re going to be late, and you probably won’t get in trouble.

Print it.

Print it and sprint to the printer to avoid it being stolen.

Try to avoid using a printer with an admin password of “admin.”

Email your boss that you’re running late and figure out a more secure solution.

Scenario 3: The unexpected raise

Oh snap, you may be lucky after all. You’ve gotten an email from the payroll department commending you for excellent work by granting an 11.14 percent raise. It reads, “Salary raise documents are attached.” Should you:

Open the documents.

Figure it will show up on your next paycheck regardless.

Go buy that drone off Amazon you really want.

Call payroll to verify.

Scenario 4: The command from above

You’re about to log out for the weekend when you get an email from your boss with a subject line reading “urgent.”

Hey, need you to send me your account name and password for the company system. I’m locked out and in a meeting with our penetration testing vendor, need it ASAP.

Send the info and go party.

Delegate it and go party.

Close your laptop and worry about it on Monday.

Call your boss to verify the request.

Scenario 5: A friend in need

Your college roommate and ride-or-die shenanigans partner emails. They’re in a pinch, apparently. Unsurprisingly, they got mugged after a wild night of drinking and need you to send a little bit of money their way. They’ve helped you out before, right? Do you:

Send the money.

Ignore your friend.

Respond and ask for more details.

Send a Facebook message or text to verify the situation.

Scenario 6: Not the tax man!

Oh no—you see an email from the IRS. Not the IRS. Anyone but the IRS. Your tax return is missing some information and you’re due to receive a refund this year, according to the email. How do you proceed?

Click the link to complete your missing tax return info.

Laugh because you haven’t done your taxes yet.

Wait until the IRS comes knocking to act.

Log into your tax software and check your tax return status.

Scenario 7: IT breach notification

You open your work email and see a message from your bank. It reads: “Hello, your account’s been suspended due to a data breach. Please click to reset your password.“ What now?

Click the link and reset your password.

Delete the email.

Panic.

Ask an IT security coworker to verify legitimacy.

Scenario 8: The summons

You’ve been summoned to appear in front of a grand jury. Well, the email certainly appears serious: It was sent by subpoena[at]usdoj[dot]com, the email has a Department of Justice logo, a case number, a time, an address, and a link that reads, “Click to learn more.” What do you do?

Click to learn more.

Tell your manager you have a cold and go home to cry.

Google identity brokers and go into hiding.

Google the listed courthouse and call to verify.

Scenario 9: The HR email

There’s an audible whining noise from your coworker’s cubicle. The reason is soon apparent: The entire IT department received emails from HR asking to complete the same insurance forms everyone already completed last week. Should you:

Complete the insurance forms.

Ignore the email.

Create a meme about evil HR overlords and their mass amounts of paperwork.

Dial HR’s extension to verify the request.

Scenario 10: The Facebook album

You get a text message from that one aunt who shows way too many pictures at family holiday gatherings. It reads: “Hey! Check out Sam and Aubrey’s new spring photos on Facebook! fb.me/example.” Should you:

Click the link.

Ignore the link.

Block your aunt on Facebook.

Message her to see if she meant to send you photos.

Did your cybersecurity strategy hold up?

Mostly As: You made some hackers pretty “lucky.”

Mostly Bs: You’re mostly safe from hackers, but you should probably be better about responding to legit emails, too.

Believe it or not, every one of these quiz questions was inspired by real-life phishy behavior—actual examples of phishing, spearphishing, smishing, and business email compromise attempts in the wild. Clearly, hackers are getting trickier than ever, and it’s time to secure every entry point to your network, including often-overlooked vulnerabilities, like your legacy business printers, and get savvy to social engineering threats. In other words, don’t leave your cybersecurity strategy up to luck—start implementing better security today to protect your IT environment tomorrow.